October 9 - Cambridge, MA - Alissa Cooper is participating at the FCC Open Internet Advisory Committee's open meeting.

October 10 - San Francisco, CA - Deven McGraw is presenting on "The Perspective of a Privacy Advocate," at the Sixth National HIPAA Summit West.

October 16 - Arlington, VA - Greg Nojeim will be speaking on cybersecurity policy issues at U.S. Cyber Strategy Roundtable.

A major CDT goal is to encourage technology design that offers users, without the need for regulatory mandates, more meaningful control over the flow of their data. Last week we applauded one step forward in that regard, as Apple's iOS 6 was deployed with significantly improved user controls, and we shook our collective head as some in the online ad industry attacked the notion of using a voluntary standard to define a Do Not Track header that could express user choice.

For nearly two years, industry and privacy advocates have been discussing how to implement "Do Not Track" -- a setting in browsers that would allow companies to serve ads online while limiting the collection of personal information about users. Last week, dozens of ad industry representatives, browser makers, and consumer advocates gathered in Amsterdam during a World Wide Web Consortium (W3C) meeting to fine tune the details of how such a setting will work. CDT's Justin Brookman, as editor of the DNT specification, has the unenviable but indispensable role of reconciling the different interests.

Overshadowing the hard work of implementing effective user controls, some companies, analysts, and policymakers recently attacked Do Not Track, decrying it as a disaster that would destroy the advertising-supported web. This sudden onslaught against the very concept of Do Not Track was surprising, as the advertising industry had already voluntarily agreed to deploy Do Not Track by the end of this year. Rather than abandoning industry's longstanding promise of consumer choice, all stakeholders need to work together to develop a meaningful standard that permits valuable ad serving but stops the boundless collection of online web surfing behavior by a host of unknown companies. To make this happen, privacy advocates will have to settle for something less than they would like in an ideal world, but it is equally true that advertisers must honor their commitment to respect users' preferences.

When Apple released iOS 6, its new operating system for the iPhone, the big news for many in the media was Apple's decision to drop Google Maps. In the uproar, iOS 6's privacy features received little fanfare, despite undergoing a major overhaul. Indeed, the new iOS includes many changes that CDT has long recommended, including giving users more control over tracking and increasing the range of options in the privacy settings. For example, iOS 6 now allows users to finely control how various kinds of data - such as contacts and photos - get shared with specific apps. The new operating system also allows users to more easily express a desire not to be tracked by marketers: clicking through Settings > General > About > Advertising > Limit Ad Tracking, users can set a flag that tells apps they don't want to be tracked. As CDT has long argued, a company's incorporation of privacy enhancing features, such as Apple has done in iOS 6, can encourage others in the space to respond and to compete on built-in privacy controls, enhancing the user experience throughout the ecosystem.

Policies protecting intermediaries from liability for content posted by third parties have helped to expand the space for expression and innovation online. However, there remains considerable debate outside of the US over the application of liability principles to intermediaries in general, and there is little clarity as to how various legal regimes will react to mobile platforms.

Last week, CDT released a paper examining the privacy and other liability issues raised when mobile platforms act as intermediaries, hosting third party apps that deliver content, access user data, and perform other functions. Our paper analyzes the current state of the law in the United States, the European Union, and Canada. We note that, in many ways, the capabilities of the mobile environment mirror those of desktop programs and web services, where it is clear that hardware makers and operating systems are not liable for the conduct of third party apps. In Europe, however, the legal regime is less clear, as intermediaries there are subject simultaneously to the E-Commerce Directive, domestic law, and the Data Protection Directive. In Canada, we note that the Privacy Commissioner has suggested that social networking platforms should take responsibility for moderating the actions of third party developers. In this regard, the paper reaffirms a major concern of CDT's, that confusion about the role of intermediaries threatens online innovation.

In the run-up to the International Telecommunication Union (ITU) World Conference on Information Technology this December, CDT has developed an online resource to better explain and inform civil society and advocates about the issues at stake during that meeting. We have a "tweet-ready" animated countdown timer counting down to opening of that meeting. Currently, the ITU’s treaty does not address Internet technical standards, infrastructure, or content. Some governments are advocating expansion of the ITU's authority to include Internet regulation. The issue poses risks to free expression, access to information, and privacy.

How would you feel if the fines for speeding went directly into the pockets of the police officers issuing speeding tickets? Seems a sure-fire recipe for abuse and conflict-of-interest. Yet, according to published reports, in Panama, Congress voted last week to pass a new copyright law that follows just this model.